Prerequisite: the cluster has already been installed with kubeadm.

View the contents of kubelet.conf

 kubectl --kubeconfig /etc/kubernetes/kubelet.conf config view

apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: REDACTED
    server: https://{master node local ip}:6443
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: admin
  name: admin@kubernetes
- context:
    cluster: kubernetes
    user: kubelet
  name: kubelet@kubernetes
current-context: admin@kubernetes
kind: Config
preferences: {}
users:
- name: admin
  user:
    client-certificate-data: REDACTED
    client-key-data: REDACTED
- name: kubelet
  user:
    client-certificate-data: REDACTED
    client-key-data: REDACTED

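Comparing this output with kubelet.conf itself, each REDACTED placeholder stands for a block of data obtained by base64-encoding the corresponding certificate or key; this data is used when accessing the apiserver.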
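The following added example (not part of the original post) shows what sits behind a REDACTED field: it extracts one user's client-certificate-data from a kubeconfig, base64-decodes it, and checks that the file is accessible only to its owner. The helper names and the two-user sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Sample data is constructed.

# kubeconfig_field FILE USER KEY: print the base64-decoded value of KEY
# (client-certificate-data or client-key-data) for the named user entry.
kubeconfig_field() {
  awk -v user="$2" -v key="$3" '
    $1 == "-" && $2 == "name:" { current = $3 }   # "- name: kubelet" opens a user entry
    $1 == (key ":") && current == user { print $2; exit }
  ' "$1" | base64 -d
}

# kubeconfig_mode_ok FILE: succeed only if group and others have no access,
# because the file embeds a private key even though "config view" hides it.
kubeconfig_mode_ok() {
  [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# write_sample_kubeconfig FILE: constructed two-user file with placeholder PEM text.
write_sample_kubeconfig() {
  pem() {
    printf '%s\n' "-----BEGIN CERTIFICATE-----" "$1" "-----END CERTIFICATE-----" |
      base64 | tr -d '\n'
  }
  cat > "$1" <<EOF
apiVersion: v1
kind: Config
users:
- name: admin
  user:
    client-certificate-data: $(pem constructed-admin-cert)
- name: kubelet
  user:
    client-certificate-data: $(pem constructed-kubelet-cert)
EOF
  chmod 600 "$1"
}

# Demo on the constructed sample.
sample=$(mktemp)
write_sample_kubeconfig "$sample"
kubeconfig_field "$sample" kubelet client-certificate-data
kubeconfig_mode_ok "$sample" && echo "mode ok" || echo "mode too open"
rm -f "$sample"
```

On a real node, piping the decoded certificate to openssl x509 -noout -subject shows the CN and O values that kube-apiserver maps to the user name and groups.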

On the node:

# kubectl get pods
The connection to the server localhost: was refused - did you specify the right host or port?
# kubectl --kubeconfig /etc/kubernetes/kubelet.conf get pods
NAME READY STATUS RESTARTS AGE
my-nginx--359d6 / Running 26d
my-nginx--3g0n7 / Running 26d
my-nginx--xkzsh / Running 26d
my-ubuntu--5q7q5 / Running 26d
my-ubuntu--lrrh0 / Running 26d

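When kubeadm creates a k8s cluster, it creates certificate, key and token files on the master node for access between components. The "REDACTED" entries in the kubeconfig above are derived from these files: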

/etc/kubernetes/pki# ls
apiserver-key.pem apiserver.pem apiserver-pub.pem ca-key.pem ca.pem ca-pub.pem sa-key.pem sa-pub.pem tokens.csv
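  • apiserver-key.pem: private key file of kube-apiserver
  • apiserver.pem: public-key certificate of kube-apiserver
  • apiserver-pub.pem: public key file of kube-apiserver
  • ca-key.pem: private key file of the CA
  • ca.pem: public-key certificate of the CA
  • ca-pub.pem: public key file of the CA
  • sa-key.pem: private key file for service accounts
  • sa-pub.pem: public key file for service accounts
  • tokens.csv: token file that kube-apiserver uses for verification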

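On the node, we use curl to test access to kube-apiserver on the master node over the secure channel. Kubernetes authentication (client certificate authentication, basic auth, static token, and so on) succeeds as soon as any one method passes. This kube-apiserver has client certificate authentication (--client-ca-file) and static token authentication (--token-auth-file) enabled; passing either one is enough to authenticate, so we use the static token method. The format of the static token file is: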

token,user,uid,"group1,group2,group3"

The corresponding content:
# cat /etc/kubernetes/pki/tokens.csv
{token},{user},812ffe41-cce0-11e6-9bd3-00163e1001d7,system:kubelet-bootstrap
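As an added example (not from the original post), this script parses a file in the format above, including the optional quoted group list, and reports each entry without printing its token; it flags membership in the system:masters group and tokens shared by more than one entry. The function names and sample entries are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Sample entries are constructed.

# audit_tokens FILE: one report line per entry in a static token file
# (token,user,uid,"group1,group2"); the token itself is never printed.
audit_tokens() {
  awk '
    /^[ \t]*$/ { next }
    {
      n = split($0, f, ",")
      if (n < 3 || f[1] == "" || f[2] == "" || f[3] == "") {
        printf "line %d: MALFORMED (need token,user,uid)\n", NR
        next
      }
      groups = ""
      if (n > 3) {   # everything after the third comma, quotes removed
        groups = substr($0, length(f[1]) + length(f[2]) + length(f[3]) + 4)
        gsub(/"/, "", groups)
      }
      flags = ""
      m = split(groups, g, ",")
      for (i = 1; i <= m; i++)
        if (g[i] == "system:masters") flags = flags " PRIVILEGED"
      if (seen[f[1]]++) flags = flags " DUPLICATE-TOKEN"
      printf "line %d: user=%s uid=%s token_len=%d groups=%s%s\n",
             NR, f[2], f[3], length(f[1]), groups, flags
    }
  ' "$1"
}

# write_sample_tokens FILE: constructed entries covering each case.
write_sample_tokens() {
  cat > "$1" <<'EOF'
0123456789abcdef,kubelet-bootstrap,uid-0001,system:kubelet-bootstrap
fedcba9876543210,ops,uid-0002,"system:masters,dev"
0123456789abcdef,ci,uid-0003
not-a-valid-entry
EOF
  chmod 600 "$1"
}

# Demo on the constructed sample.
sample=$(mktemp)
write_sample_tokens "$sample"
audit_tokens "$sample"
rm -f "$sample"
```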

Use this token to talk to the apiserver with curl:

# curl --cacert /etc/kubernetes/pki/ca.pem -H "Authorization: Bearer {token}"  https://{master node local ip}:6443
{
"paths": [
"/api",
"/api/v1",
"/apis",
"/apis/apps",
"/apis/apps/v1beta1",
"/apis/authentication.k8s.io",
"/apis/authentication.k8s.io/v1beta1",
"/apis/authorization.k8s.io",
"/apis/authorization.k8s.io/v1beta1",
"/apis/autoscaling",
"/apis/autoscaling/v1",
"/apis/batch",
"/apis/batch/v1",
"/apis/batch/v2alpha1",
"/apis/certificates.k8s.io",
"/apis/certificates.k8s.io/v1alpha1",
"/apis/extensions",
"/apis/extensions/v1beta1",
"/apis/policy",
"/apis/policy/v1beta1",
"/apis/rbac.authorization.k8s.io",
"/apis/rbac.authorization.k8s.io/v1alpha1",
"/apis/storage.k8s.io",
"/apis/storage.k8s.io/v1beta1",
"/healthz",
"/healthz/poststarthook/bootstrap-controller",
"/healthz/poststarthook/extensions/third-party-resources",
"/healthz/poststarthook/rbac/bootstrap-roles",
"/logs",
"/metrics",
"/swaggerapi/",
"/ui/",
"/version"
]
}

For type ReplicationController: operating kube-apiserver through curl, for example:


registry="docker.cinyi.com:443"
# Extract the project directory name
javadir=`echo $WORKSPACE | awk -F'/' '{print $5}'`
# Extract the war package name
javaname=`ls $WORKSPACE/target/*war | awk -F'/' '{print $7}' | cut -d . -f 1`
# Timestamp used as the image tag
image_data=`date +%F_%H_%S`

mkdir -p /data/docker_project/$javadir
rm -rf /data/docker_project/$javadir/$javaname.war
mv $WORKSPACE/target/$javaname.war /data/docker_project/$javadir

# /data/docker_project holds a Dockerfile template; generate a new Dockerfile from it using the war package name
sed "s/jenkins/$javaname/g" /data/docker_project/Dockerfile >/data/docker_project/$javadir/Dockerfile

if docker images | grep $javaname ; then
  docker rmi -f `docker images | grep $javaname | awk '{print $3}'`
fi

# Build the image and push it to the registry
docker build -t docker.cinyi.com:443/senyint/$javaname:$image_data /data/docker_project/$javadir/
docker push docker.cinyi.com:443/senyint/$javaname:$image_data

# Generate the rc and service yaml files
sed "s/im-web/$javaname/g" /data/docker_project/im-web_rc.yaml >/data/docker_project/$javadir/${javaname}_rc.yaml
# Set the image version
sed -i "s/lastest/$image_data/g" /data/docker_project/$javadir/${javaname}_rc.yaml
sed "s/im-web/$javaname/g" /data/docker_project/im-web_service.yaml >/data/docker_project/$javadir/${javaname}_service.yaml

# The namespace is test:

k8s_apicurl="curl --cacert /root/ca.pem"
k8s_url="https://192.168.20.227:6443"

# Create the namespace
if ! $k8s_apicurl -H "Authorization: Bearer 199e9c8d4ce99c61" -X GET $k8s_url/api/v1/namespaces | grep test >/dev/null ; then
  $k8s_apicurl -H "Authorization: Bearer 199e9c8d4ce99c61" -H "content-Type: application/yaml" -X POST $k8s_url/api/v1/namespaces -d "$(cat /data/docker_project/namespaces.yaml)"
fi

# Create the service (the generated yaml is named after $javaname, so check for that name)
if ! $k8s_apicurl -H "Authorization: Bearer 199e9c8d4ce99c61" -X GET $k8s_url/api/v1/namespaces/test/services | grep "$javaname" >/dev/null ; then
  $k8s_apicurl -H "Authorization: Bearer 199e9c8d4ce99c61" -H "content-Type: application/yaml" -X POST $k8s_url/api/v1/namespaces/test/services -d "$(cat /data/docker_project/$javadir/${javaname}_service.yaml)"
fi

# Create the ReplicationController
if ! $k8s_apicurl -H "Authorization: Bearer 199e9c8d4ce99c61" -X GET $k8s_url/api/v1/namespaces/test/replicationcontrollers | grep "$javaname" >/dev/null ; then
  $k8s_apicurl -H "Authorization: Bearer 199e9c8d4ce99c61" -H "content-Type: application/yaml" -X POST $k8s_url/api/v1/namespaces/test/replicationcontrollers/ -d "$(cat /data/docker_project/$javadir/${javaname}_rc.yaml)"
else
  # Rolling update
  ssh root@192.168.20.227 "kubectl rolling-update $javaname --image=docker.cinyi.com:443/senyint/$javaname:$image_data --namespace=test"
fi

For type Deployment: operating kube-apiserver through curl, for example: releasing a war package

registry="docker.cinyi.com:443"
# Extract the project directory name
javadir=`echo $WORKSPACE | awk -F'/' '{print $5}'`
# Extract the war package name
javaname=`ls $WORKSPACE/target/*war | awk -F'/' '{print $7}' | cut -d . -f 1`
# Timestamp used as the image tag
image_data=`date +%F_%H_%M`

mkdir -p /data/docker_project/$javadir
rm -rf /data/docker_project/$javadir/$javaname.war
mv $WORKSPACE/target/$javaname.war /data/docker_project/$javadir

# /data/docker_project holds a Dockerfile template; generate a new Dockerfile from it using the war package name
sed "s/jenkins/$javaname/g" /data/docker_project/Dockerfile >/data/docker_project/$javadir/Dockerfile

if docker images | grep $javaname ; then
  docker rmi -f `docker images | grep $javaname | awk '{print $3}'`
fi

# Build the image and push it to the registry
docker build -t docker.cinyi.com:443/senyint/$javaname:$image_data /data/docker_project/$javadir/
docker push docker.cinyi.com:443/senyint/$javaname:$image_data

# Generate the deployment and service yaml files
sed "s/im-web/$javaname/g" /data/docker_project/im-web_deployment.yaml >/data/docker_project/$javadir/${javaname}_deployment.yaml

# Replace the image version
echo 11111
sed -i "s/latest/$image_data/g" /data/docker_project/$javadir/${javaname}_deployment.yaml

echo 2222
sed "s/im-web/$javaname/g" /data/docker_project/im-web_service.yaml >/data/docker_project/$javadir/${javaname}_service.yaml

# The namespace is test:

k8s_apicurl="curl --cacert /root/ca.pem"
k8s_url="https://192.168.20.227:6443"

# Create the namespace
if ! $k8s_apicurl -H "Authorization: Bearer 199e9c8d4ce99c61" -X GET $k8s_url/api/v1/namespaces | grep test >/dev/null ; then
  $k8s_apicurl -H "Authorization: Bearer 199e9c8d4ce99c61" -H "content-Type: application/yaml" -X POST $k8s_url/api/v1/namespaces -d "$(cat /data/docker_project/namespaces.yaml)"
fi

# Create the service
if ! $k8s_apicurl -H "Authorization: Bearer 199e9c8d4ce99c61" -X GET $k8s_url/api/v1/namespaces/test/services | grep "${javaname}" >/dev/null ; then
  $k8s_apicurl -H "Authorization: Bearer 199e9c8d4ce99c61" -H "content-Type: application/yaml" -X POST $k8s_url/api/v1/namespaces/test/services -d "$(cat /data/docker_project/$javadir/${javaname}_service.yaml)"
fi

# Create the Deployment
if $k8s_apicurl -H "Authorization: Bearer 199e9c8d4ce99c61" -X GET $k8s_url/apis/extensions/v1beta1/namespaces/test/deployments/ | grep "${javaname}" >/dev/null ; then
  # Rolling update
  $k8s_apicurl -H "Authorization: Bearer 199e9c8d4ce99c61" -H "content-Type: application/yaml" -X PUT $k8s_url/apis/extensions/v1beta1/namespaces/test/deployments/${javaname} -d "$(cat /data/docker_project/$javadir/${javaname}_deployment.yaml)"
else
  $k8s_apicurl -H "Authorization: Bearer 199e9c8d4ce99c61" -H "content-Type: application/yaml" -X POST $k8s_url/apis/extensions/v1beta1/namespaces/test/deployments/ -d "$(cat /data/docker_project/$javadir/${javaname}_deployment.yaml)"
fi

For type Deployment: operating kube-apiserver through curl, for example: releasing a tar.gz package

registry="docker.cinyi.com:443"
# Extract the project directory name
javadir=`echo $WORKSPACE | awk -F'/' '{print $5}'`
# Extract the package name (tar.gz)
javaname=`ls $WORKSPACE/pay-web/target/*tar.gz | awk -F'/' '{print $8}' | cut -d . -f 1`
# Timestamp used as the image tag
image_data=`date +%F_%H_%M`

mkdir -p /data/docker_project/$javadir
rm -rf /data/docker_project/$javadir/$javaname.tar.gz
mv $WORKSPACE/pay-web/target/$javaname.tar.gz /data/docker_project/$javadir

# /data/docker_project holds a Dockerfile template; generate a new Dockerfile from it using the package name
sed "s/jenkins.war/$javaname.tar.gz/g" /data/docker_project/Dockerfile.bak >/data/docker_project/$javadir/Dockerfile

if docker images | grep $javaname ; then
  docker rmi -f `docker images | grep $javaname | awk '{print $3}'`
fi

# Build the image and push it to the registry
cp /data/docker_project/supervisor_payapi.conf /data/docker_project/$javadir/
cp /data/docker_project/jdk.tar.gz /data/docker_project/$javadir/
cp /data/docker_project/supervisord.conf /data/docker_project/$javadir/
docker build -t docker.cinyi.com:443/senyint/$javaname:$image_data /data/docker_project/$javadir/
docker push docker.cinyi.com:443/senyint/$javaname:$image_data

# Generate the deployment and service yaml files
sed "s/im-web/$javaname/g" /data/docker_project/im-web_deployment.yaml >/data/docker_project/$javadir/${javaname}_deployment.yaml
# Replace the image version
echo 11111
sed -i "s/latest/$image_data/g" /data/docker_project/$javadir/${javaname}_deployment.yaml
echo 2222
sed "s/im-web/$javaname/g" /data/docker_project/im-web_service.yaml >/data/docker_project/$javadir/${javaname}_service.yaml

# The namespace is test:
k8s_apicurl="curl --cacert /root/ca.pem"
k8s_url="https://192.168.20.227:6443"

# Create the namespace
if ! $k8s_apicurl -H "Authorization: Bearer 199e9c8d4ce99c61" -X GET $k8s_url/api/v1/namespaces | grep test >/dev/null ; then
  $k8s_apicurl -H "Authorization: Bearer 199e9c8d4ce99c61" -H "content-Type: application/yaml" -X POST $k8s_url/api/v1/namespaces -d "$(cat /data/docker_project/namespaces.yaml)"
fi

# Create the service
if ! $k8s_apicurl -H "Authorization: Bearer 199e9c8d4ce99c61" -X GET $k8s_url/api/v1/namespaces/test/services | grep "${javaname}" >/dev/null ; then
  $k8s_apicurl -H "Authorization: Bearer 199e9c8d4ce99c61" -H "content-Type: application/yaml" -X POST $k8s_url/api/v1/namespaces/test/services -d "$(cat /data/docker_project/$javadir/${javaname}_service.yaml)"
fi

# Create the Deployment
if $k8s_apicurl -H "Authorization: Bearer 199e9c8d4ce99c61" -X GET $k8s_url/apis/extensions/v1beta1/namespaces/test/deployments/ | grep "${javaname}" >/dev/null ; then
  # Rolling update
  $k8s_apicurl -H "Authorization: Bearer 199e9c8d4ce99c61" -H "content-Type: application/yaml" -X PUT $k8s_url/apis/extensions/v1beta1/namespaces/test/deployments/${javaname} -d "$(cat /data/docker_project/$javadir/${javaname}_deployment.yaml)"
else
  $k8s_apicurl -H "Authorization: Bearer 199e9c8d4ce99c61" -H "content-Type: application/yaml" -X POST $k8s_url/apis/extensions/v1beta1/namespaces/test/deployments/ -d "$(cat /data/docker_project/$javadir/${javaname}_deployment.yaml)"
fi
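
An added example, not the author's script: the three jobs above choose between create and update by grepping a list response, which matches substrings (a Deployment whose name merely contains the new name also satisfies the grep) and keeps the bearer token on the command line. The version below asks for the object by exact name, branches on the HTTP status, and reads the token from a file; TOKEN_FILE and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. TOKEN_FILE is an assumed path;
# CURL can be pointed at a stub for offline testing.
CURL=${CURL:-curl}
API_URL=${API_URL:-https://192.168.20.227:6443}
CA_FILE=${CA_FILE:-/root/ca.pem}
TOKEN_FILE=${TOKEN_FILE:-/root/k8s-token}   # assumed: mode 0600, contains only the token

# k8s_call METHOD PATH [curl args...]: print the HTTP status of one request.
# The Authorization header reaches curl as a config line on stdin (-K -),
# so the token is neither in the script nor in the process list.
k8s_call() {
  method=$1; path=$2; shift 2
  printf 'header = "Authorization: Bearer %s"\n' "$(cat "$TOKEN_FILE")" |
    $CURL -K - -sS --cacert "$CA_FILE" -o /dev/null -w '%{http_code}' \
      -X "$method" "$@" "$API_URL$path"
}

# write_plan STATUS: PUT replaces an existing object, POST creates a missing one.
# Anything else (401, 403, 5xx, 000) stops the job instead of guessing.
write_plan() {
  case $1 in
    200) echo PUT ;;
    404) echo POST ;;
    *)   echo "unexpected status $1" >&2; return 1 ;;
  esac
}

# apply_deployment NAMESPACE NAME FILE: create or replace by exact name.
apply_deployment() {
  base=/apis/extensions/v1beta1/namespaces/$1/deployments
  status=$(k8s_call GET "$base/$2") || return 1
  verb=$(write_plan "$status") || return 1
  if [ "$verb" = PUT ]; then target=$base/$2; else target=$base; fi
  status=$(k8s_call "$verb" "$target" -H 'Content-Type: application/yaml' \
    --data-binary "@$3") || return 1
  case $status in
    200|201) echo "$verb $status" ;;
    *)       echo "$verb failed with status $status" >&2; return 1 ;;
  esac
}

# Usage inside the Jenkins job:
#   apply_deployment test "$javaname" "/data/docker_project/$javadir/${javaname}_deployment.yaml"
```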

Dockerfile

FROM       senyint/centos7.:latest

MAINTAINER fengjian <fengjian@senyint.com.com>

RUN mkdir -p /data/webserver/pay-web-package

ADD jdk.tar.gz /data

ADD jenkins.war /data/webserver/pay-web-package

ADD supervisord.conf /etc/supervisord.conf

ADD supervisor_payapi.conf  /etc/supervisor.conf.d/supervisor_payapi.conf

RUN mkdir -p /etc/supervisor.conf.d && \
mkdir -p /var/log/supervisor

ENTRYPOINT ["/usr/bin/supervisord", "-n", "-c", "/etc/supervisord.conf"]

Upgrading with rolling-update requires the ReplicationController type; Deployments do not support it.

The corresponding directory and files for Jenkins.

[root@docker1 ~]# kubectl rolling-update fengjian --image=docker.cinyi.com:443/senyint/im-web:v1 --namespace=fengjian20170221

Upgrading a Deployment from the command line

[root@docker1 ~]# kubectl set image deployment/pay-startup-package pay-startup-package=docker.cinyi.com/senyint/pay-startup-package:2017-03-27_15_56 --namespace=test

[root@docker5 docker_project]# cat configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: testenv
  namespace: test
data:
  mysql_server: 192.168.20.131
  redis_server: 192.168.20.116
  mongo_server: 192.168.20.116
[root@docker5 docker_project]# cat Dockerfile
FROM senyint/java1.:latest
MAINTAINER fengjian <fengjian@senyint.com.com>
ENV docker.cinyi.com 192.168.20.135
ADD jenkins.war /data/webserver/
RUN unzip /data/webserver/jenkins.war -d /data/webserver && \
rm /data/webserver/jenkins.war
[root@docker5 docker_project]# cat im-web_deployment.yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: im-web
  namespace: test
spec:
  replicas:
  template:
    metadata:
      labels:
        name: im-web
    spec:
      volumes:
      - name: workdir
        hostPath:
          path: "/data/log/im-web"
      containers:
      - name: im-web
        image: docker.cinyi.com:/senyint/im-web:latest
        ports:
        - containerPort:
        volumeMounts:
        - name: workdir
          mountPath: /data/tomcat/logs
        env:
        - name: mysql_server
          valueFrom:
            configMapKeyRef:
              name: testenv
              key: mysql_server
        - name: redis_server
          valueFrom:
            configMapKeyRef:
              name: testenv
              key: redis_server
        - name: mongo_server
          valueFrom:
            configMapKeyRef:
              name: testenv
              key: mongo_server
[root@docker5 docker_project]# cat im-web_service.yaml
apiVersion: v1
kind: Service
metadata:
  name: im-web
  labels:
    name: im-web
spec:
  ports:
  - port:
    containerPort:
  selector:
    name: im-web
[root@docker5 docker_project]# cat namespaces.yaml
apiVersion: v1
kind: Namespace
metadata:
  name: test
  label:
    name: test

View the Ingress contents

[root@docker1 ~]# curl --cacert /root/ca.pem -H "Authorization: Bearer 199e9c8d4ce99c61" -X GET  https://192.168.20.227:6443/apis/extensions/v1beta1/ingresses

List the Ingresses in a namespace

GET /apis/extensions/v1beta1/namespaces/{namespace}/ingresses

Delete the Ingresses in a namespace

DELETE /apis/extensions/v1beta1/namespaces/{namespace}/ingresses

Create

POST /apis/extensions/v1beta1/namespaces/{namespace}/ingresses

Read

GET /apis/extensions/v1beta1/namespaces/{namespace}/ingresses/{name}
curl --cacert /root/ca.pem -H "Authorization: Bearer 199e9c8d4ce99c61" -X GET  https://192.168.20.227:6443/apis/extensions/v1beta1/namespaces/test/ingresses/dashboard-ingress

Replace

PUT /apis/extensions/v1beta1/namespaces/{namespace}/ingresses/{name}

Delete

DELETE /apis/extensions/v1beta1/namespaces/{namespace}/ingresses/{name}


Update

PATCH /apis/extensions/v1beta1/namespaces/{namespace}/ingresses/{name}

List the images in the Docker registry:

[root@bcbf4a94a152 ~]# curl https://docker.cinyi.com/v2/_catalog

List the version tags of an image in the Docker registry:

[root@bcbf4a94a152 ~]# curl https://docker.cinyi.com/v2/senyint/im-web/tags/list
